Created
December 11, 2011 10:11
Login flow
User enters the app (tralala mode) and logs in; I must save the SESSID and the
expiry date in the DB. Next time he visits me I must check whether he comes with
a PHPSESSID cookie. If he does, I must check that the SESSID is in the DB and
that it isn't expired; then the user is logged in again. But if that SESSID
is expired he must log in again and you must read from line 1 again :D
On logout I just delete his SESSIDs from the DB and destroy the session.
What I've said was implying "destroy ALL expired sessionS" - here is not about THE user, it's about MANY sessions of different users - you're really cleaning up the database. That's why I was saying on the mailing list that this way, in contrast to the cronjob one, is worse, because you have to clean up things which don't necessarily belong to the user who's actually triggering the request.
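The flow in the gist and the cleanup point raised in the comment, as an added example that is not part of the gist or the comment. It assumes a hypothetical `sessions` table and function names, and it generates its own session ID instead of using PHP's built-in session handling so that it runs from the CLI with in-memory SQLite.

```php
<?php
declare(strict_types=1);
// Added example: names are hypothetical, sample values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sessions (sid_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');

// Choice of this example: store a hash of the session ID, so a leaked table holds no usable cookie values.
function sidHash(string $sid): string { return hash('sha256', $sid); }

// Login: issue a fresh random ID and record it together with its expiry time.
function login(PDO $db, int $userId, int $ttl, int $now): string {
    $sid = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO sessions (sid_hash, user_id, expires_at) VALUES (?, ?, ?)')
       ->execute([sidHash($sid), $userId, $now + $ttl]);
    return $sid; // value to send back as the session cookie
}

// Returning visit: the cookie value must be in the DB and must not be expired.
function currentUser(PDO $db, ?string $cookieSid, int $now): ?int {
    if ($cookieSid === null || $cookieSid === '') { return null; }
    $q = $db->prepare('SELECT user_id FROM sessions WHERE sid_hash = ? AND expires_at > ?');
    $q->execute([sidHash($cookieSid), $now]);
    $id = $q->fetchColumn();
    return $id === false ? null : (int) $id; // null means the user must log in again
}

// Logout: delete all of this user's session rows.
function logout(PDO $db, int $userId): void {
    $db->prepare('DELETE FROM sessions WHERE user_id = ?')->execute([$userId]);
}

// Cleanup of ALL users' expired rows, kept out of the request path so a scheduled job can call it.
function purgeExpired(PDO $db, int $now): int {
    $q = $db->prepare('DELETE FROM sessions WHERE expires_at <= ?');
    $q->execute([$now]);
    return $q->rowCount();
}

// Constructed walk-through with a fixed clock (seconds).
$now = 1000;
$sid = login($db, 7, 60, $now);
var_dump(currentUser($db, $sid, $now + 30)); // within the 60 s lifetime
var_dump(currentUser($db, $sid, $now + 61)); // past expiry, row still present
var_dump(purgeExpired($db, $now + 61));      // number of rows the cleanup removed
$sid2 = login($db, 7, 60, $now + 61);
logout($db, 7);
var_dump(currentUser($db, $sid2, $now + 62)); // after logout
```

Because `currentUser()` already filters on `expires_at`, correctness does not depend on when `purgeExpired()` runs; the purge only bounds table growth.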